http://hg.code.sf.net:8000/p/roundup/code/atom-log/tip/.github/workflows/anchore.yml
Mercurial Repository: p/roundup/code: .github/workflows/anchore.yml history
2026-03-22T22:40:11-04:00
build(deps): bump anchore/scan-action from 7.3.2 to 7.4.0 #86 http://hg.code.sf.net:8000/p/roundup/code/#changeset-4d09c8046cdef49438af0cab10572b81a2ca057b John Rouillard rouilj@ieee.org 2026-03-22T22:40:11-04:00 2026-03-22T22:40:11-04:00
changeset 4d09c8046cde
branch
bookmark
tag
user John Rouillard <rouilj@ieee.org>
description build(deps): bump anchore/scan-action from 7.3.2 to 7.4.0 #86
files
chore(build): build(deps): bump anchore/scan-action from 7.3.1 to 7.3.2 pull #82 http://hg.code.sf.net:8000/p/roundup/code/#changeset-955016d272aaac087c440fe15408bd55392d3a25 John Rouillard rouilj@ieee.org 2026-02-23T20:13:40-05:00 2026-02-23T20:13:40-05:00
changeset 955016d272aa
branch
bookmark
tag
user John Rouillard <rouilj@ieee.org>
description chore(build): build(deps): bump anchore/scan-action from 7.3.1 to 7.3.2 pull #82
files
chore(build): bump anchore/scan-action from 7.2.3 to 7.3.0 pull #80 http://hg.code.sf.net:8000/p/roundup/code/#changeset-8c265e8bfc5acd0b4c01c97b978be64484472a8c John Rouillard rouilj@ieee.org 2026-01-27T22:17:17-05:00 2026-01-27T22:17:17-05:00
changeset 8c265e8bfc5a
branch
bookmark
tag
user John Rouillard <rouilj@ieee.org>
description chore(build): bump anchore/scan-action from 7.2.3 to 7.3.0 pull #80
files
chore(build): bump anchore/scan-action from 7.2.3 to 7.3.0 pull #80 http://hg.code.sf.net:8000/p/roundup/code/#changeset-d7d91e25a1c2f81a4ba79d43d57f813a9730a932 John Rouillard rouilj@ieee.org 2026-01-27T21:41:37-05:00 2026-01-27T21:41:37-05:00
changeset d7d91e25a1c2
branch
bookmark
tag
user John Rouillard <rouilj@ieee.org>
description chore(build): bump anchore/scan-action from 7.2.3 to 7.3.0 pull #80
files
chore(build): bump actions/checkout from 6.0.1 to 6.0.2 pull #79 http://hg.code.sf.net:8000/p/roundup/code/#changeset-951db09501746d3d3b4683df35bcd6d220b2a9bd John Rouillard rouilj@ieee.org 2026-01-27T21:40:43-05:00 2026-01-27T21:40:43-05:00
changeset 951db0950174
branch
bookmark
tag
user John Rouillard <rouilj@ieee.org>
description chore(build): bump actions/checkout from 6.0.1 to 6.0.2 pull #79
files
bump anchore/scan-action from 7.2.2 to 7.2.3 (PR #78) http://hg.code.sf.net:8000/p/roundup/code/#changeset-80f34a0821f59478c3dbe4160c07c91899dbb8de John Rouillard rouilj@ieee.org 2026-01-13T16:26:33-05:00 2026-01-13T16:26:33-05:00
changeset 80f34a0821f5
branch
bookmark
tag
user John Rouillard <rouilj@ieee.org>
description bump anchore/scan-action from 7.2.2 to 7.2.3 (PR #78)
files
build: bump anchore/scan-action from 7.2.1 to 7.2.2 (PR #75) http://hg.code.sf.net:8000/p/roundup/code/#changeset-839caadf6cad5740eaeb744c35745b87a5119464 John Rouillard rouilj@ieee.org 2025-12-15T09:44:44-05:00 2025-12-15T09:44:44-05:00
changeset 839caadf6cad
branch
bookmark
tag
user John Rouillard <rouilj@ieee.org>
description build: bump anchore/scan-action from 7.2.1 to 7.2.2 (PR #75)
files
chore: update actions/checkout from 6.0.0 to 6.1.1 pull74 http://hg.code.sf.net:8000/p/roundup/code/#changeset-4e0944649af780876b4a8057cbad34ac969ca1e7 John Rouillard rouilj@ieee.org 2025-12-08T23:07:57-05:00 2025-12-08T23:07:57-05:00
changeset 4e0944649af7
branch
bookmark
tag
user John Rouillard <rouilj@ieee.org>
description chore: update actions/checkout from 6.0.0 to 6.1.1 pull74
files
chore: anchore anchore/scan-action upgrade 7.1.0 to 7.2.0 http://hg.code.sf.net:8000/p/roundup/code/#changeset-aab59f040b80759dfede545d176673980064418b John Rouillard rouilj@ieee.org 2025-11-28T11:51:03-05:00 2025-11-28T11:51:03-05:00
changeset aab59f040b80
branch
bookmark
tag
user John Rouillard <rouilj@ieee.org>
description chore: anchore anchore/scan-action upgrade 7.1.0 to 7.2.0
files
chore: anchore anchore/scan-action upgrade 7.1.0 to 7.2.0 http://hg.code.sf.net:8000/p/roundup/code/#changeset-3ab30654e9c14da1cffa176ef212a1655e3f61a5 John Rouillard rouilj@ieee.org 2025-11-24T11:51:40-05:00 2025-11-24T11:51:40-05:00
changeset 3ab30654e9c1
branch
bookmark
tag
user John Rouillard <rouilj@ieee.org>
description chore: anchore anchore/scan-action upgrade 7.1.0 to 7.2.0
files
chore: github actions/checkout upgrade 5.0.0 to 6.0.0 http://hg.code.sf.net:8000/p/roundup/code/#changeset-69fc3cee878cf5f6081f7ae0d26f69b749100104 John Rouillard rouilj@ieee.org 2025-11-24T11:50:19-05:00 2025-11-24T11:50:19-05:00
changeset 69fc3cee878c
branch
bookmark
tag
user John Rouillard <rouilj@ieee.org>
description chore: github actions/checkout upgrade 5.0.0 to 6.0.0
files
chore: dependabot upgrade anchore scan from 7.0.2 to 7.1.0 http://hg.code.sf.net:8000/p/roundup/code/#changeset-782ad9c0a15cb4b42245d0003abf79d8ec8283aa John Rouillard rouilj@ieee.org 2025-10-31T20:57:26-04:00 2025-10-31T20:57:26-04:00
changeset 782ad9c0a15c
branch
bookmark
tag
user John Rouillard <rouilj@ieee.org>
description chore: dependabot upgrade anchore scan from 7.0.2 to 7.1.0
files
chore: dependabot update anchore 7.0.0 -> 7.0.2 http://hg.code.sf.net:8000/p/roundup/code/#changeset-2f909acd5ba9c85e3e9b94ee00a01e2ae0264958 John Rouillard rouilj@ieee.org 2025-10-20T09:56:47-04:00 2025-10-20T09:56:47-04:00
changeset 2f909acd5ba9
branch
bookmark
tag
user John Rouillard <rouilj@ieee.org>
description chore: dependabot update anchore 7.0.0 -> 7.0.2
files
chore(build): update anchore to 7.0.0 via dependabot http://hg.code.sf.net:8000/p/roundup/code/#changeset-e5bd50120b5ae3842f1a95bd6953f8312829eaa5 John Rouillard rouilj@ieee.org 2025-09-22T12:37:21-04:00 2025-09-22T12:37:21-04:00
changeset e5bd50120b5a
branch
bookmark
tag
user John Rouillard <rouilj@ieee.org>
description chore(build): update anchore to 7.0.0 via dependabot
files
chore: bump actions/checkout as reported by dependabot. http://hg.code.sf.net:8000/p/roundup/code/#changeset-3db40a355a6cc692165361d09eee12433b92d46a John Rouillard rouilj@ieee.org 2025-08-20T11:23:39-04:00 2025-08-20T11:23:39-04:00
changeset 3db40a355a6c
branch
bookmark
tag
user John Rouillard <rouilj@ieee.org>
description chore: bump actions/checkout as reported by dependabot.
files
build: dependabot anchore scan upgrade to 6.5.1 http://hg.code.sf.net:8000/p/roundup/code/#changeset-fd72487d00545934dd2d806048f95dd46588efd9 John Rouillard rouilj@ieee.org 2025-08-11T02:37:49-04:00 2025-08-11T02:37:49-04:00
changeset fd72487d0054
branch
bookmark
tag
user John Rouillard <rouilj@ieee.org>
description build: dependabot anchore scan upgrade to 6.5.1
files
chore: update actions to current versions. http://hg.code.sf.net:8000/p/roundup/code/#changeset-1357dfcb81ebe470540899ebfb908573167473fe John Rouillard rouilj@ieee.org 2025-06-19T16:14:01-04:00 2025-06-19T16:14:01-04:00
changeset 1357dfcb81eb
branch
bookmark
tag
user John Rouillard <rouilj@ieee.org>
description chore: update actions to current versions.
files
test: disable cron job running anchore http://hg.code.sf.net:8000/p/roundup/code/#changeset-85c47edfc383c5cf87f9bcd05e49a93a28c58539 John Rouillard rouilj@ieee.org 2024-05-11T19:02:35-04:00 2024-05-11T19:02:35-04:00
changeset 85c47edfc383
branch
bookmark
tag
user John Rouillard <rouilj@ieee.org>
description test: disable cron job running anchore

I don't need it running on a schedule. Unlike the ci workflow which
has more moving/changing parts, anchore test results are pretty stable
unless there is a change to the docker config.
files
chore: update to latest actions http://hg.code.sf.net:8000/p/roundup/code/#changeset-a17d0abfb212b9296b4623464deb1089b4a656bf John Rouillard rouilj@ieee.org 2024-01-28T22:39:36-05:00 2024-01-28T22:39:36-05:00
changeset a17d0abfb212
branch
bookmark
tag
user John Rouillard <rouilj@ieee.org>
description chore: update to latest actions
files
build: break YAML to see if grype throws an error. http://hg.code.sf.net:8000/p/roundup/code/#changeset-d88bdaeecbecdbbac9c0e81cf7c915404f1d5fc4 John Rouillard rouilj@ieee.org 2023-09-24T23:54:18-04:00 2023-09-24T23:54:18-04:00
changeset d88bdaeecbec
branch
bookmark
tag
user John Rouillard <rouilj@ieee.org>
description build: break YAML to see if grype throws an error.

A debug run of anchore is showing the config as:

configpath: /home/runner/work/roundup/roundup/.grype.yaml

when running:

Executing: grype -vv -o sarif --fail-on medium localbuild/testimage:latest

Try breaking the yaml to see if it is actually being loaded.

[skip travis]
files
build: try copying .grype.yaml to $HOME http://hg.code.sf.net:8000/p/roundup/code/#changeset-964250da574356bb35b4ccb9ceaded5afb1a54a2 John Rouillard rouilj@ieee.org 2023-09-24T23:36:25-04:00 2023-09-24T23:36:25-04:00
changeset 964250da5743
branch
bookmark
tag
user John Rouillard <rouilj@ieee.org>
description build: try copying .grype.yaml to $HOME

.grype.yaml in root of checkout seems to not work.

Try copying to $HOME.

from:
https://stackoverflow.com/questions/70923388/create-a-file-in-github-action

[skip travis]
files
build(deps): bump actions/checkout from 4.0.0 to 4.1.0 - https://github.com/roundup-tracker/roundup/pull/50 http://hg.code.sf.net:8000/p/roundup/code/#changeset-bdc81c1e2eec421df6f036b12a8ac8770537c469 John Rouillard rouilj@ieee.org 2023-09-24T21:33:52-04:00 2023-09-24T21:33:52-04:00
changeset bdc81c1e2eec
branch
bookmark
tag
user John Rouillard <rouilj@ieee.org>
description build(deps): bump actions/checkout from 4.0.0 to 4.1.0 - https://github.com/roundup-tracker/roundup/pull/50
files
chore(deps): bump actions/checkout from 3.6.0 to 4.0.0 - https://github.com/roundup-tracker/roundup/pull/47 http://hg.code.sf.net:8000/p/roundup/code/#changeset-926ea14c345094bc1535c3df6ac78351e9e74391 John Rouillard rouilj@ieee.org 2023-09-11T00:00:57-04:00 2023-09-11T00:00:57-04:00
changeset 926ea14c3450
branch
bookmark
tag
user John Rouillard <rouilj@ieee.org>
description chore(deps): bump actions/checkout from 3.6.0 to 4.0.0 - https://github.com/roundup-tracker/roundup/pull/47
files
chore(deps): bump actions/checkout from 3.5.3 to 3.6.0 - https://github.com/roundup-tracker/roundup/pull/46 http://hg.code.sf.net:8000/p/roundup/code/#changeset-4689795494dcd05381c791257cc3d3f030c38e3a John Rouillard rouilj@ieee.org 2023-08-29T16:16:21-04:00 2023-08-29T16:16:21-04:00
changeset 4689795494dc
branch
bookmark
tag
user John Rouillard <rouilj@ieee.org>
description chore(deps): bump actions/checkout from 3.5.3 to 3.6.0 - https://github.com/roundup-tracker/roundup/pull/46
files
Bump anchore/scan-action from 3.3.5 to 3.3.6 - https://github.com/roundup-tracker/roundup/pull/43 http://hg.code.sf.net:8000/p/roundup/code/#changeset-6dc7b1f1451c2fe41ff4c15c8bd65691e7e1b8b5 John Rouillard rouilj@ieee.org 2023-06-26T00:18:54-04:00 2023-06-26T00:18:54-04:00
changeset 6dc7b1f1451c
branch
bookmark
tag
user John Rouillard <rouilj@ieee.org>
description Bump anchore/scan-action from 3.3.5 to 3.3.6 - https://github.com/roundup-tracker/roundup/pull/43
files
Bump github/codeql-action from 2.3.6 to 2.13.4 - https://github.com/roundup-tracker/roundup/pull/38 http://hg.code.sf.net:8000/p/roundup/code/#changeset-0b4028a757059a7fc6fcb39b48b5c66199604adb John Rouillard rouilj@ieee.org 2023-06-11T23:49:05-04:00 2023-06-11T23:49:05-04:00
changeset 0b4028a75705
branch
bookmark
tag
user John Rouillard <rouilj@ieee.org>
description Bump github/codeql-action from 2.3.6 to 2.13.4 - https://github.com/roundup-tracker/roundup/pull/38
files
Bump actions/checkout from 3.5.2 to 3.5.3 - https://github.com/roundup-tracker/roundup/pull/37 http://hg.code.sf.net:8000/p/roundup/code/#changeset-e6cd3f3cd6911d334da5cbcafd7a6d32a6ca23d5 John Rouillard rouilj@ieee.org 2023-06-11T23:48:08-04:00 2023-06-11T23:48:08-04:00
changeset e6cd3f3cd691
branch
bookmark
tag
user John Rouillard <rouilj@ieee.org>
description Bump actions/checkout from 3.5.2 to 3.5.3 - https://github.com/roundup-tracker/roundup/pull/37
files
Bump github/codeql-action from 2.3.5 to 2.3.6 - https://github.com/roundup-tracker/roundup/pull/35 http://hg.code.sf.net:8000/p/roundup/code/#changeset-010eb3b00877c1fb9c5ede8102dd2a241d374d55 John Rouillard rouilj@ieee.org 2023-06-04T22:38:29-04:00 2023-06-04T22:38:29-04:00
changeset 010eb3b00877
branch
bookmark
tag
user John Rouillard <rouilj@ieee.org>
description Bump github/codeql-action from 2.3.5 to 2.3.6 - https://github.com/roundup-tracker/roundup/pull/35
files
Bump github/codeql-action from 2.3.3 to 2.3.5 - https://github.com/roundup-tracker/roundup/pull/33 http://hg.code.sf.net:8000/p/roundup/code/#changeset-291c13c3b8e55fd14b1f304511ba609ecab22b47 John Rouillard rouilj@ieee.org 2023-05-28T22:54:31-04:00 2023-05-28T22:54:31-04:00
changeset 291c13c3b8e5
branch
bookmark
tag
user John Rouillard <rouilj@ieee.org>
description Bump github/codeql-action from 2.3.3 to 2.3.5 - https://github.com/roundup-tracker/roundup/pull/33
files
Bump github/codeql-action from 2.3.2 to 2.3.3 - https://github.com/roundup-tracker/roundup/pull/28 http://hg.code.sf.net:8000/p/roundup/code/#changeset-b2183096b678d269bf6c777637040bc4d553d127 John Rouillard rouilj@ieee.org 2023-05-07T22:12:54-04:00 2023-05-07T22:12:54-04:00
changeset b2183096b678
branch
bookmark
tag
user John Rouillard <rouilj@ieee.org>
description Bump github/codeql-action from 2.3.2 to 2.3.3 - https://github.com/roundup-tracker/roundup/pull/28
files
Bump github/codeql-action from 2.3.0 to 2.3.2 - https://github.com/roundup-tracker/roundup/pull/27 http://hg.code.sf.net:8000/p/roundup/code/#changeset-1bb57a872fe7815c64820651b35f4b880bb6fa33 John Rouillard rouilj@ieee.org 2023-05-01T11:30:28-04:00 2023-05-01T11:30:28-04:00
changeset 1bb57a872fe7
branch
bookmark
tag
user John Rouillard <rouilj@ieee.org>
description Bump github/codeql-action from 2.3.0 to 2.3.2 - https://github.com/roundup-tracker/roundup/pull/27
files
Add list of docker to allow checking size. http://hg.code.sf.net:8000/p/roundup/code/#changeset-6bffcc837bf79003858f2db23f921a6129a43ecf John Rouillard rouilj@ieee.org 2023-04-24T08:19:09-04:00 2023-04-24T08:19:09-04:00
changeset 6bffcc837bf7
branch
bookmark
tag
user John Rouillard <rouilj@ieee.org>
description Add list of docker to allow checking size.

Also move detached comment to line it applies to.
files
Bump github/codeql-action from 2.2.12 to 2.3.0 - https://github.com/roundup-tracker/roundup/pull/25 http://hg.code.sf.net:8000/p/roundup/code/#changeset-4a28a73642079c7f311e0d4ac00388ed66dc5273 John Rouillard rouilj@ieee.org 2023-04-24T07:54:12-04:00 2023-04-24T07:54:12-04:00
changeset 4a28a7364207
branch
bookmark
tag
user John Rouillard <rouilj@ieee.org>
description Bump github/codeql-action from 2.2.12 to 2.3.0 - https://github.com/roundup-tracker/roundup/pull/25
files
Bump github/codeql-action from 2.2.11 to 2.2.12 - https://github.com/roundup-tracker/roundup/pull/21 http://hg.code.sf.net:8000/p/roundup/code/#changeset-46de8ffb7873bdd1ed431959b27d99eb5a72a7e6 John Rouillard rouilj@ieee.org 2023-04-19T21:38:03-04:00 2023-04-19T21:38:03-04:00
changeset 46de8ffb7873
branch
bookmark
tag
user John Rouillard <rouilj@ieee.org>
description Bump github/codeql-action from 2.2.11 to 2.2.12 - https://github.com/roundup-tracker/roundup/pull/21
files
Bump actions/checkout from 3.5.0 to 3.5.2 - https://github.com/roundup-tracker/roundup/pull/19 http://hg.code.sf.net:8000/p/roundup/code/#changeset-0ca12df8ef061afe7acd0f4ef56042c6dfbe1077 John Rouillard rouilj@ieee.org 2023-04-19T21:36:31-04:00 2023-04-19T21:36:31-04:00
changeset 0ca12df8ef06
branch
bookmark
tag
user John Rouillard <rouilj@ieee.org>
description Bump actions/checkout from 3.5.0 to 3.5.2 - https://github.com/roundup-tracker/roundup/pull/19
files
[chore] Bump github/codeql-action from 2.2.9 to 2.2.11 - https://github.com/roundup-tracker/roundup/pull/17 http://hg.code.sf.net:8000/p/roundup/code/#changeset-7fd9d0f15cf05e0cb039f44fb9ec50fc57341413 John Rouillard rouilj@ieee.org 2023-04-09T22:39:10-04:00 2023-04-09T22:39:10-04:00
changeset 7fd9d0f15cf0
branch
bookmark
tag
user John Rouillard <rouilj@ieee.org>
description [chore] Bump github/codeql-action from 2.2.9 to 2.2.11 - https://github.com/roundup-tracker/roundup/pull/17
files
Bump github/codeql-action from 2.2.8 to 2.2.9 - https://github.com/roundup-tracker/roundup/pull/15 http://hg.code.sf.net:8000/p/roundup/code/#changeset-c6287f8b9f2ea2469a1eac59e41803d2c3afeeed John Rouillard rouilj@ieee.org 2023-04-03T02:16:06-04:00 2023-04-03T02:16:06-04:00
changeset c6287f8b9f2e
branch
bookmark
tag
user John Rouillard <rouilj@ieee.org>
description Bump github/codeql-action from 2.2.8 to 2.2.9 - https://github.com/roundup-tracker/roundup/pull/15
files
Bump anchore/scan-action from 3.3.4 to 3.3.5 - https://github.com/roundup-tracker/roundup/pull/14 http://hg.code.sf.net:8000/p/roundup/code/#changeset-4c1d62dbcffe953c308ad3882ee279d61265b9d4 John Rouillard rouilj@ieee.org 2023-04-03T02:15:27-04:00 2023-04-03T02:15:27-04:00
changeset 4c1d62dbcffe
branch
bookmark
tag
user John Rouillard <rouilj@ieee.org>
description Bump anchore/scan-action from 3.3.4 to 3.3.5 - https://github.com/roundup-tracker/roundup/pull/14
files
Bump actions/checkout from 3.4.0 to 3.5.0 - https://github.com/roundup-tracker/roundup/pull/13 http://hg.code.sf.net:8000/p/roundup/code/#changeset-821429f560cdf81762ba5f560296790f8a3874ac John Rouillard rouilj@ieee.org 2023-03-26T22:20:21-04:00 2023-03-26T22:20:21-04:00
changeset 821429f560cd
branch
bookmark
tag
user John Rouillard <rouilj@ieee.org>
description Bump actions/checkout from 3.4.0 to 3.5.0 - https://github.com/roundup-tracker/roundup/pull/13
files
Bump github/codeql-action from 2.2.7 to 2.2.8 - https://github.com/roundup-tracker/roundup/pull/12 http://hg.code.sf.net:8000/p/roundup/code/#changeset-743f02e916a72050e26ef8df560b1cc60b4d03f6 John Rouillard rouilj@ieee.org 2023-03-26T22:19:16-04:00 2023-03-26T22:19:16-04:00
changeset 743f02e916a7
branch
bookmark
tag
user John Rouillard <rouilj@ieee.org>
description Bump github/codeql-action from 2.2.7 to 2.2.8 - https://github.com/roundup-tracker/roundup/pull/12
files
Bump github/codeql-action from 2.2.6 to 2.2.7 -- https://github.com/roundup-tracker/roundup/pull/9 http://hg.code.sf.net:8000/p/roundup/code/#changeset-f5e676c4383df895b8baf4775b298ffcaef8e2c2 John Rouillard rouilj@ieee.org 2023-03-20T20:05:16-04:00 2023-03-20T20:05:16-04:00
changeset f5e676c4383d
branch
bookmark
tag
user John Rouillard <rouilj@ieee.org>
description Bump github/codeql-action from 2.2.6 to 2.2.7 -- https://github.com/roundup-tracker/roundup/pull/9
files
Bump actions/checkout from 3.3.0 to 3.4.0 -- https://github.com/roundup-tracker/roundup/pull/11 http://hg.code.sf.net:8000/p/roundup/code/#changeset-0fd41edd26b0820be88456e4127cc575e432e4a3 John Rouillard rouilj@ieee.org 2023-03-20T20:03:01-04:00 2023-03-20T20:03:01-04:00
changeset 0fd41edd26b0
branch
bookmark
tag
user John Rouillard <rouilj@ieee.org>
description Bump actions/checkout from 3.3.0 to 3.4.0 -- https://github.com/roundup-tracker/roundup/pull/11
files
Commit https://github.com/roundup-tracker/roundup/pull/8 http://hg.code.sf.net:8000/p/roundup/code/#changeset-a81f3750a14a60a32413519e3ed8b344ecc493c0 John Rouillard rouilj@ieee.org 2023-03-12T23:48:15-04:00 2023-03-12T23:48:15-04:00
changeset a81f3750a14a
branch
bookmark
tag
user John Rouillard <rouilj@ieee.org>
description Commit https://github.com/roundup-tracker/roundup/pull/8

Bump github/codeql-action from 2.2.5 to 2.2.6
also include sarif upload changes.
files
Prevent github actions from running if commit includes 'no-github-ci' http://hg.code.sf.net:8000/p/roundup/code/#changeset-8dc5b37393679e89b78fc24dab8193a768f9367c John Rouillard rouilj@ieee.org 2023-02-27T01:36:09-05:00 2023-02-27T01:36:09-05:00
changeset 8dc5b3739367
branch
bookmark
tag
user John Rouillard <rouilj@ieee.org>
description Prevent github actions from running if commit includes 'no-github-ci'

I'm getting tired of cancelling the github actions while trying to get
travis-ci working.
files
upgrade codeql-actions to 2.2.5. https://github.com/roundup-tracker/roundup/pull/6 http://hg.code.sf.net:8000/p/roundup/code/#changeset-fcf7e210a0f93fdd7164ca2de2da621c1cfafa26 John Rouillard rouilj@ieee.org 2023-02-26T23:39:27-05:00 2023-02-26T23:39:27-05:00
changeset fcf7e210a0f9
branch
bookmark
tag
user John Rouillard <rouilj@ieee.org>
description upgrade codeql-actions to 2.2.5. https://github.com/roundup-tracker/roundup/pull/6
files
Pin actions by using hashes removing tags like @v2. or @master http://hg.code.sf.net:8000/p/roundup/code/#changeset-cc49ac11850f09a24a275832a1428ade0faad53c John Rouillard rouilj@ieee.org 2023-02-16T20:12:55-05:00 2023-02-16T20:12:55-05:00
changeset cc49ac11850f
branch
bookmark
tag
user John Rouillard <rouilj@ieee.org>
description Pin actions by using hashes removing tags like @v2. or @master

Now that actions are being scanned by dependabot, this is easier to
keep up with.

This also clears multiple security issues flagged by ossf-scorecard.
files
another try. Use same shell that builds roundup image to update base. http://hg.code.sf.net:8000/p/roundup/code/#changeset-7f4d20ebae4a02b8b1a9e0b16f107d1de904299b John Rouillard rouilj@ieee.org 2023-02-15T18:50:53-05:00 2023-02-15T18:50:53-05:00
changeset 7f4d20ebae4a
branch
bookmark
tag
user John Rouillard <rouilj@ieee.org>
description another try. Use same shell that builds roundup image to update base.
files
Try to force update of base image. http://hg.code.sf.net:8000/p/roundup/code/#changeset-572d1a9f875cfb90127858502976b223a92059ff John Rouillard rouilj@ieee.org 2023-02-15T18:36:00-05:00 2023-02-15T18:36:00-05:00
changeset 572d1a9f875c
branch
bookmark
tag
user John Rouillard <rouilj@ieee.org>
description Try to force update of base image.

The current python:3-alpine image passes security checks, but it's
not passing in ci.
files
Try to make anchore failure fail build but upload results http://hg.code.sf.net:8000/p/roundup/code/#changeset-86dae713d4c6d276233023eb79cf020447ec8ba4 John Rouillard rouilj@ieee.org 2022-12-28T19:08:43-05:00 2022-12-28T19:08:43-05:00
changeset 86dae713d4c6
branch
bookmark
tag
user John Rouillard <rouilj@ieee.org>
description Try to make anchore failure fail build but upload results

The actions page shows all runs as successful despite anchore opening
three security errors. I am trying to get the build for anchore to
fail but still upload its SARIF report and to cat the SARIF report.
files
github: remove deprecated acs-report-enable from anchore workflow http://hg.code.sf.net:8000/p/roundup/code/#changeset-7442bc16724f9c04c4f818a97a76bd894c3e7816 John Rouillard rouilj@ieee.org 2022-11-13T00:14:19-05:00 2022-11-13T00:14:19-05:00
changeset 7442bc16724f
branch
bookmark
tag
user John Rouillard <rouilj@ieee.org>
description github: remove deprecated acs-report-enable from anchore workflow

It's tossing a warning now.
files
Fix version identifier for Anchore scan http://hg.code.sf.net:8000/p/roundup/code/#changeset-619563fbe2d3b587cc31f1603dfdfd95e8279f81 John Rouillard rouilj@ieee.org 2022-11-07T19:18:30-05:00 2022-11-07T19:18:30-05:00
changeset 619563fbe2d3
branch
bookmark
tag
user John Rouillard <rouilj@ieee.org>
description Fix version identifier for Anchore scan

use anything on v3. Also dump serif output file. Also add id and
use ${{ steps.scan.outputs.sarif }} rather than hardcoded file name
to match example.
files
Update to latest Anchore to see if it fixes depreciation warnings. http://hg.code.sf.net:8000/p/roundup/code/#changeset-02321d2c8458d69c4ca8622df9ae117fa24f8e76 John Rouillard rouilj@ieee.org 2022-11-07T19:11:20-05:00 2022-11-07T19:11:20-05:00
changeset 02321d2c8458
branch
bookmark
tag
user John Rouillard <rouilj@ieee.org>
description Update to latest Anchore to see if it fixes depreciation warnings.
files
only run on most current push. http://hg.code.sf.net:8000/p/roundup/code/#changeset-ca6b056b79a4d8f99f759bb76d86b98d628a2bac John Rouillard rouilj@ieee.org 2022-09-10T23:00:52-04:00 2022-09-10T23:00:52-04:00
changeset ca6b056b79a4
branch
bookmark
tag
user John Rouillard <rouilj@ieee.org>
description only run on most current push.
files
add workflow - docker container security check http://hg.code.sf.net:8000/p/roundup/code/#changeset-3387f458ed278bcb580d66433e26c0e4fcaab0d4 John Rouillard rouilj@ieee.org 2022-08-31T01:08:49-04:00 2022-08-31T01:08:49-04:00
changeset 3387f458ed27
branch
bookmark
tag
user John Rouillard <rouilj@ieee.org>
description add workflow - docker container security check
files